package com.dyp.myapp.web.rest;

import com.dyp.myapp.security.AuthoritiesConstants;
import org.springframework.core.io.support.SpringFactoriesLoader;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api")
public class TestResource {
    SpringFactoriesLoader s;
    @GetMapping("/hello-world")
//            通过结合使用.requestMatchers("/api/**").authenticated()和@PreAuthorize注解，可以更精确地控制对特定URL路径的访问权限。
    @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ANONYMOUS + "\")")
    public String helloWorld() {
        return "hello world";
    }

    @GetMapping("/hello-world-other")
    @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
    public String helloWorldOther() {
        return "hello world";
    }
}
